Skills
skills/agentlyhq/aixyz/aixyz-on-openclaw/Snyk

aixyz-on-openclaw

Fail

Audited by Snyk on Mar 22, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 0.90). The prompt instructs users to place API keys in .env.local and explicitly documents passing a wallet private key via a --private-key flag or having the CLI display the private key, which are patterns that require copying/embedding secret values verbatim and thus create exfiltration risk.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill explicitly guides creating and managing crypto wallets, funding them, submitting on-chain transactions (aixyz erc-8004 register with --broadcast and a private key), and configuring payment behavior (x402 micropayments, payTo wallet address, accepts { scheme: "exact", price: ... }). These are direct crypto/blockchain payment and transaction actions (signing/broadcasting, receiving funds, paying gas) — i.e., explicit financial execution capabilities.

Issues (2)

W007
HIGH

Insecure credential handling detected in skill instructions.

W009
MEDIUM

Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata
Risk Level
HIGH
Analyzed
Mar 22, 2026, 12:52 PM
Issues
2